Accelerating compliance with Gradian DLP-as-a-Service
The Business
This bold and distinctive International law firm is one of the largest law firms worldwide by global revenue, and employs over 2,000 lawyers. They are ranked by Thomson Reuters in the top 10 strongest global law firm brands.
“We don’t need to be Forcepoint experts – Gradian is there for us; providing expert and responsive advice at every step,” says the CISO. “Gradian understood our business use-cases, made valuable recommendations, worked with us on an implementation strategy, and now provide DLP-as-a-Service. They made sure we could crawl and walk before we could run.”
The Challenge
Data loss prevention (DLP) is a key priority for security leaders across industries, especially in the legal sector which deals every day with regulated data. Legal teams handle a significant amount of highly sensitive information, from medical and financial data to merger and acquisition information. Moreover, everyone in the organisation – from partners and paralegal teams to administrative staff – is responsible for the management of data.
DLP is now a “must-have”
“DLP is ‘table stakes’ for us,” says the law firm’s Chief Information Security Officer (CISO). “As the organisation evolves towards cloud applications and hybrid cloud environments, DLP has changed from a ‘nice-to-have’ to a ‘must-have’. Clients trust us with their data and we need to track its movement. DLP is also a balancing act. On the one hand, we need to prevent the loss or misuse of sensitive data. On the other, we must simultaneously maintain open communications with our clients.”
Until recently, the organisation relied on a legacy DLP platform which, according to their CISO, needed replacing. “The platform was effective, but we needed to refresh our approach. We needed a more mature, flexible DLP solution to improve credible alerting and meet client expectations.”
The CISO and his team had two options: operate and maintain a modern DLP platform in-house, or turn to a trusted managed provider to implement and support the solution. “DLP is more strategy than product, so success depends on methodology and execution,” he stated.
The Solution
“Forcepoint offers a top-tier platform to manage the acceptable movement of information based on people’s behaviour. We benefit from visibility and control about how data is handled, irrespective of people’s location,” claimed the CISO.
Gradian led the firm to study Forcepoint. “It’s rare for us to outsource IT support. However, the Gradian team were impressive during the selection phase. We were confident we could trust Gradian to provide insight and guidance in support of our DLP strategy,” he said.
The law firm has standardised on Gradian’s DLP-as-a-Service, powered by Forcepoint, to provide enterprise protection. The approach simplifies compliance whilst protecting both the client and the organisations’ own sensitive data.
The Result
DLP can be a ‘noisy’ environment, with regular alerts on incidents that turn out to be false positives. That’s not the case with DLP-as-a-Service, which is tuned to specific client and firm risks – diminishing false positives and automating the response to other lowgrade alerts. “We didn’t want our Security Operations Centre (SOC) to be overwhelmed with false positive alerts. Gradian understood our requirements and worked with us to tailor the security configuration accordingly.” This client-focused DLP strategy has become a talking point during client meetings. “We can demonstrate to clients how their critical data is transmitted. The clients welcome this trust and transparency – and we have Gradian to thank for that.” Their CISO concludes, “Gradian is one of our trusted partners. Everything about DLP-as-a-Service – the underlying Forcepoint technology, the implementation, and the ongoing management – are highly professional. We’re confident to trust Gradian to help maintain this critical security tool.”
Challenge
Until recently, the organisation relied on a legacy DLP platform which, according to their CISO, needed replacing. The CISO and his team had two options: operate and maintain a modern DLP platform in-house, or turn to a trusted managed provider to implement and support the solution.
Solution
The law firm has standardised on Gradian’s DLP-as-a-Service, powered by Forcepoint, to provide enterprise protection. The approach simplifies compliance whilst protecting client and the firms’ own sensitive data.
Results
Gradian is now trusted to manage the DLP estate across more than 7,500 endpoints and the server estate worldwide.